Enterprise Infrastructure Solutions (EIS) Risk Management Framework Plan (RMFP) Systems in accordance with (IAW) C.1.8.7
Enterprise Infrastructure Solutions, Volume 1: Technical Volume
EIS Risk Management Framework Plan

Enterprise Infrastructure Solutions (EIS) Risk Management Framework Plan (RMFP) Systems in accordance with (IAW) C.1.8.7

November 4, 2016
Prepared by CenturyLink Government Services, Inc., North Fairfax Drive, Arlington, VA
SFA# / NSP#
RFP No.: QTA0015THA3003
Company Proprietary: Data contained on this page is subject to the restrictions on the title page of this proposal.
REVISION HISTORY

Revision Number | Revision Date | Revision Description | Revised by
TABLE OF CONTENTS

EIS Risk Management Framework Plan (RMFP) Overview ... 1
Purpose ... 2
Related Plans ... 3
Tier 1 Organization: CenturyLink ... 4
Tier 2 Mission/Business Process: CenturyLink Risk Management for EIS ... 6
Tier 3 Information Systems ... 8
Information System RMFP Development Process

LIST OF FIGURES

Figure 1. Enterprise Security Risk Management Program ... 3
Figure 2. Risk Management Framework Plan Steps

LIST OF TABLES

Table 1. EIS Products and Services
EIS RISK MANAGEMENT FRAMEWORK PLAN (RMFP) OVERVIEW

CenturyLink follows industry-leading information security standards and best practices to ensure the integrity of our services and the confidentiality of customer and company information. Comprehensive security policies and standards guide these practices, which include extensive controls in the areas of personnel, systems, and facility security. CenturyLink maintains a hierarchy of information security-related policies and standards, using the National Institute of Standards and Technology (NIST) Special Publication (SP) 800 series as guidance. Authority for these policies is founded in the CenturyLink code of conduct (available on the public Internet under our corporate governance page) and the corporate ethics and compliance program, as authorized by the CenturyLink Board of Directors.

CenturyLink implements industry-standard security to ensure data assurance, integrity, and confidentiality of customer and company information in support of our telecommunications services. These practices include implementing controls in the areas of personnel, systems, and facility security. CenturyLink has also implemented comprehensive Business Continuity and Disaster Recovery (BC/DR) measures and controls to ensure the availability of customer and corporate networks. To keep the security architecture current with best practices, CenturyLink takes a lead role in developing standards, working with vendors, and implementing innovative approaches to improve our products, including security services.
In support of the General Services Administration (GSA) Networx Universal and Enterprise contracts, CenturyLink has delivered system security plans and obtained Department of Homeland Security (DHS) Cybersecurity Compliance Validation (CCV) and Trusted Internet Connections (TIC) Compliance Validation (TCV) for the Managed Trusted Internet Protocol Service (MTIPS) TIC Networx accreditation annually. CenturyLink will continue to maintain the system security plans and accreditations with DHS and GSA under Enterprise Infrastructure Solutions (EIS).

CenturyLink operates and maintains several government-accredited facilities throughout the U.S. These facilities are capable of processing and storing information at the top secret/sensitive compartmented information (TS/SCI) security level. The facilities support various government contracts, including the DHS EINSTEIN 3 Accelerated (E3A) program, and have a long history of commendable security compliance assessments. This demonstrates CenturyLink's knowledge of, and ability to apply, the risk management framework. Building on the CenturyLink processes and controls we have previously used to reduce risk in information systems, we have developed a risk management framework plan (RMFP) that consolidates our practices, standards, framework, and processes across the system lifecycle.

PURPOSE

This CenturyLink RMFP addresses EIS requirements for security compliance in accordance with the risk management framework and NIST SP (Guide for Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach, issued February 2010), as defined in Request for Proposal (RFP) Section C.1.8.7, System Security Requirements. Our plan focuses on the processes and practices we will use to ensure security compliance for the services provided under EIS. We will implement our multi-tiered enterprise security program to achieve compliance, as detailed in the CenturyLink Security Risk Management Program depicted in Figure 1 below.
CenturyLink's RMFP has the following goals:

- Document the three-tiered approach for risk management, addressing risk-related concerns at each level of the hierarchy:
  - The organization level addresses risk from an organizational perspective through the development of a comprehensive governance structure and an organization-wide risk management strategy.
  - The mission and business process level defines and prioritizes the core missions and business processes for the organization and defines the types of information processed.
  - The information system level determines the definition of a boundary and ultimately selects and applies appropriate safeguards and countermeasures.
- Define the required six (6) risk management framework steps at the information system level: Categorize, Select, Implement, Assess, Authorize, Monitor.
- Provide a process for creating information system risk management framework plans on a task order (TO) basis, as demonstrated with the Business Support Systems (BSS) and MTIPS RMFPs.

CenturyLink will maintain and periodically update this plan; revisions to this plan will be at no cost to the government.

RELATED PLANS

The following risk plans will also be developed and provided as indicated in the chart below:

Plan | RFP Reference | Relationship to this Plan
Draft Supply Chain Risk Management Plan | G.6.3 | Documents procedures for handling supply chain and third-party risk within the overall EIS risk framework
Draft BSS Risk Management Framework Plan | G | Information system-specific risk plan for the BSS
Draft MTIPS Risk Management Framework Plan | C | Information system-specific risk plan for MTIPS

Figure 1. Enterprise Security Risk Management Program
Information security-related functions are performed in collaboration with CenturyLink's operations organizations, as follows:

- Corporate Security/information security (InfoSec): Provides end-to-end governance and policymaking; maintains comprehensive processes for measuring InfoSec risk and managing those risks within acceptable levels through clear policy-setting, assessments, and compliance management.
- Business continuity planning: Provides planning efforts, including facilitating the development, testing, and training of BC/DR plans to ensure that CenturyLink and our customers are prepared to effectively manage disaster situations.
- Risk assessment: Maintains a risk inventory to highlight the risk and potential exposure status for key infrastructure elements, including extensive monitoring and analysis of numerous sources for newly published vulnerabilities. Monitors compliance with CenturyLink policies and standards using key industry and international standards as guidance. CenturyLink conducts ongoing risk assessments of individual systems and network elements.
- Vulnerability management: CenturyLink has a number of threat intelligence feeds that provide vulnerability notifications. Threats are evaluated, and threat information, including vulnerability information, is distributed to the appropriate operations teams through multiple methods.
- Strategic security planning with hardware and software suppliers: Reveals risk dependencies between systems and risk pinch points. Establishes strong relationships for vulnerability notification and remediation.
- Building compliance-based security into CenturyLink networks: Records and tracks risk remediation activity. Collects and collates data about incidents affecting information systems, highlighting root causes and business impact with appropriate follow-up.
- Operations/corporate infrastructure and systems sphere: Operational teams focus on information technology (IT) areas including internal CenturyLink computing and network components.
Information and Information Systems to Security Categories. The overall system categorizations are derived from the different information system types. The following security categorizations are applied to specific EIS information systems that have an established, identified, and agreed-to information system boundary with the GSA, and where GSA personnel have performed the FIPS 199 security categorization:

EIS Information System | FIPS 199 Security Category
EIS BSS Gateway | FIPS 199 Moderate Impact
EIS MTIPS | FIPS 199 High Impact
EIS FedRAMP Services | FIPS 199 Moderate Impact

RFP Section C specifies the minimum FIPS 199 security category as the FIPS 199 moderate impact level, due to the data that will be processed and held within the CenturyLink-provided EIS services and the resultant solutions and systems. More restrictive or higher impact levels can be stated within awarded TOs.

TIER 3 INFORMATION SYSTEMS

Information systems that initiate their lifecycles under the EIS program will inherit policies, processes, and technical control implementations from Tier 1 as appropriate. Each will comply with Tier 2 security directives; inherit control implementations, monitoring, and tailoring from Tier 2 as appropriate; and address additional cybersecurity requirements and specific control tailoring directives in accordance with the agency policy and requirements issued within the TO under EIS. At this tier, all six steps of the risk management framework must be addressed across the system lifecycle and documented in a system-specific risk plan using the CenturyLink EIS RMFP process provided in Figure 2 below, as applicable per the agency TO.
Practices in Enterprise Risk Management John Foulley Risk Management Practices Head SAS Institute Asia Pacific What is ERM? Enterprise risk management is a process, effected by an entity s board of directors,
More informationSupply Chain. Example Policy. Author: A Heathcote Date: 24/05/2017 Version: 1.0
Example Policy Author: A Heathcote Date: 24/05/2017 Version: 1.0 Copyright 2017 Health and Social Care Information Centre. The Health and Social Care Information Centre is a non-departmental body created
More informationHoneywell Software Service Tools Help Manage Control System Performance, Security and Process Plant Outcomes
Honeywell Software Service Tools Help Manage Control System Performance, Security and Process Plant Outcomes Today s Honeywell LSS software service tools portfolio and the vision to optimize software tool
More informationBCP Methodology Benefits realisation
www.pwc.com.cy BCP Methodology Benefits realisation Risk Assurance Consulting (RAC) Risk Assurance Consulting (RAC) helps management to make well informed decisions. The insight and independent assurance
More informationHomeland Security Presidential Directive (HSPD-12) Product and Service Components
Solicitation FCIS-JB-980001-B FSC Group 70 SIN 132-62 Homeland Security Presidential Directive (HSPD-12) Product and Service Components Personal Identity Verification (PIV) Systems Infrastructure Services
More informationSTRATEGIC ASSET MANAGEMENT POLICY
STRATEGIC ASSET MANAGEMENT POLICY Purpose: Camrose County is responsible for providing a range of essential services to the community, including transportation networks, facility infrastructure, utility
More informationPrepare for GDPR today with Microsoft 365
Prepare for GDPR today with Microsoft 365 2 Table of contents 01. 02. 03. 04. 05. Executive Sumary Landscape Assess and manage your compliance risk Protect your most sensitive data Closing 3 01. Executive
More informationSoftware Assurance in Acquisition and Contract Language
Software Assurance in Acquisition and Contract Language Acquisition & Outsourcing, Volume I Version 1.1, July 31, 2009 Software Assurance (SwA) Pocket Guide Resources This is a resource for getting started
More informationMicrosoft Enterprise Services
Microsoft Enterprise Services Description of Services July 2014 Table of content 1 About this document... 2 2 Consulting services... 3 2.1 How to purchase... 3 2.2 Package descriptions... 3 2.2.1 Enterprise
More informationInformation Security Policy
Information Security Policy Issue sheet Document reference Document location Title Author Issued to Reason issued NHSBSARM001 NHS Business Services Authority Information Security policy Head of Security
More informationTable of Contents Section E: Inspection and Acceptance SECTION E INSPECTION AND ACCEPTANCE E-1
Table of Contents Section E: Inspection and Acceptance SECTION Table of Contents PAGE E-i SECTION E INSPECTION AND ACCEPTANCE E-1 E.1 52.252-2 Clauses Incorporated by Reference (FEB 1998) E-1 E.2 Verification
More informationSTEPS FOR EFFECTIVE MANAGEMENT OF VENDOR AND SUPPLIER CYBERSECURITY RISKS. April 25, 2018 In-House Counsel Conference
STEPS FOR EFFECTIVE MANAGEMENT OF VENDOR AND SUPPLIER CYBERSECURITY RISKS April 25, 2018 In-House Counsel Conference Presenters: Daniela Ivancikova, Assistant General Counsel, University of Delaware Evan
More informationIBM Cloud Service Description: IBM Kenexa Skills Manager on Cloud
IBM Cloud Services Agreement IBM Cloud Service Description: IBM Kenexa Skills Manager on Cloud The following is the Service Description for your Order: 1. Cloud Service Description The following is the
More information2 Analytics Reinvented
Federal agencies now have access to larger and richer collections of data to advance their mission. New technologies and techniques make it possible to collect, analyze and act on this data in new and
More informationIBM Service Management solutions To support your business objectives. Increase your service availability and performance with IBM Service Management.
IBM Service Management solutions To support your business objectives Increase your service availability and performance with IBM Service Management. The challenges are clear for today s operations If you
More informationREQUEST FOR INFORMATION RFI #
REQUEST FOR INFORMATION RFI #1424-415 Project Title: Summary of Expected Results: No Contract Awarded: Response Due Date: Unisys Hosting and Support Services The purpose of this Request for Information
More informationPrinciples of Information Security, Fourth Edition. Chapter 10 Implementing Information Security
Principles of Information Security, Fourth Edition Chapter 10 Implementing Information Security Learning Objectives Upon completion of this material, you should be able to: Explain how an organization
More informationREGULATORY HOT TOPIC Third Party IT Vendor Management
REGULATORY HOT TOPIC Third Party IT Vendor Management 1 Todays Outsourced Technology Services Core Processing Internet Banking Mobile Banking Managed Security Services Managed Data Center Services And
More informationHardening Defense in Depth Cyber Risk Management Principles with Integrated Regulatory Risk Management. Sponsor:
Hardening Defense in Depth Cyber Risk Management Principles with Integrated Regulatory Risk Management THANK YOU TO OUR SPONSOR SPONSOR: RISKONNECT Riskonnect, a Thoma Bravo portfolio company, is the trusted,
More informationHuman Resources Security Management towards ISO/IEC 27001:2005 accreditation of an Information Security Management System
Human Resources Security Management towards ISO/IEC 27001:2005 accreditation of an Information Security Management System Professor PhD. Constantin MILITARU Polytechnic University of Bucharest, Romania
More informationChange, Controls & Risk
Change, Controls & Risk Compliance Monitoring and Risk Scoring Challenges and Rewards The purpose of this presentation: 1 To Think of Continually Changing Dependencies 2 To Think of Continually Changing
More informationIT Framework Memorandum. For. Supervised Institutions
CENTRALE BANK VAN CURAÇAO EN SINT MAARTEN (Central Bank) IT Framework Memorandum For Supervised Institutions WILLEMSTAD, Updated version April 2011 IT Framework Memorandum for Supervised Institutions 1.
More informationNETWORX PROGRAM INDIVIDUAL SMALL BUSINESS SUBCONTRACTING PLAN IDIQ TASK ORDER BASED
NETWORX PROGRAM INDIVIDUAL SMALL BUSINESS SUBCONTRACTING PLAN IDIQ TASK ORDER BASED Company Name: Qwest Government Services, Inc. (QGSI) Address: 4250 N. Fairfax Drive Arlington, VA 22203 Date Submitted:
More information